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DETAILED ACTION 
Continued Examination Under 37 CFR 1.114 

o 

1 . A request for continued examination under 37 CFR 1.114, including the fee set 
forth in 37 CFR 1 .1 7(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.1 14, and the fee set 
forth in 37 CFR 1 .17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.1 14. Applicant's submission filed on 
September 6, 2006 has been entered. 

2. Claims 1 5-26, 32-38, and 40-55 are currently being considered. 

Response to Arguments 

3. Applicant's arguments, see Applicant's remarks pages 12-21 , filed September 6, 
2006 with respect to the rejection(s) of claim(s) 1 5-26, 32-38, and 40-55 under Soursa 
(U S. Patent Pub. No. US 2002/0194584 A1) and Ramasubramani (U.S. Patent No. 
6,233,577) have been fully considered and are persuasive. Therefore, the rejection has 
been withdrawn. However, upon further consideration, a new ground(s) of rejection is 
made in view of Penders (U.S. Patent No. 6,880,080). 



Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 15-26, 32-38, and 40-55 are rejected under 35 U.S.C. 102(e) as being 
anticipated by Penders (U.S. Patent 6,880,080). 

Regarding claim 15, Penders discloses: 
A method comprising: 

operating a primary trusted provisioning domain (TPD) (column 5 lines 1-13), 
wherein the primary TPD is interpreted as being the Certificate Authority (CA); and 

using the primary TPD to provision a mobile device on a wireless network by 
sending a provisioning message to the mobile device, the provisioning message 
specifying a secondary TPD authorized to provision the mobile device via a network and 
an identifier of on or more parameters which the secondary TPD is authorized to 
provision, the secondary TPD comprising a provisioning server (Figure 1, column 6 line 
64 - column 7 line 13), wherein the Certificate Authority (CA), transmits a certificate 
specifying that the Service Provider (secondary provisioning server) is allowed to 
perform certain functions. 
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Claim 16 is rejected as applied above in rejecting claim 15. Furthermore, Penders 
discloses: 

A method as recited in claim 15, wherein the primary TPD is within a trusted 
environment, and wherein the secondary TPD is outside the trusted environment 
(Figure 1, column 5 lines 1-14), wherein the certificate authority is connected via a 
telecommunications network to the terminal and the Service Provider. 

Claim 17 is rejected as applied above in rejecting claim 16. Furthermore, Penders 
discloses: 

A method as recited in claim 16, wherein the secondary TPD communicates with 
the mobile device via a second network that is outside the trusted environment (Figure 
1 , column 5 lines 1-14), wherein the certificate authority is connected via a 
telecommunications network to the terminal and the Service Provider. 

Claim 18 is rejected as applied above in rejecting claim 16. Furthermore, Penders 
discloses: 

A method as recited in claim 16, further comprising using the primary TPD 
system to provision the mobile device with a digital certificate identifying the secondary 
TPD to enable the secondary TPD to provision the mobile device using a digital 
signature (column 6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the 
certificate contains the allowable functionality that the secondary provisioning server is 
allowed to perform on the mobile device. 
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Claim 19 is rejected as applied above in rejecting claim 15. Furthermore, Penders 
discloses: 

A method as recited in claim 15, wherein the provisioning message specifies a 
plurality of secondary TPDs authorized to provision the mobile devices and one or more 
parameters which each of the secondary TPDs is authorized to provision (column 6 
lines 1-25, column 6 line 63 - column 7 line 12), wherein the certificate contains the 
allowable functionality that the secondary provisioning server is allowed to perform on 
the mobile device, and wherein there can be more than one service provider (column 5 
lines 5-13). 

Regarding claim 20, Penders discloses: 
A method comprising: 

operating a primary provisioning server within a predefined trusted environment, 
the primary provisioning server having authorization to provision a plurality of mobile 
devices on a wireless network (Figure 1 , column 6 line 64 - column 7 line 13), wherein 
the Certificate Authority (CA), transmits a certificate specifying that the Service Provider 
(secondary provisioning server) is allowed to perform certain functions; 

using the primary provisioning server to provision a digital certificate of the 
primary provisioning server in each of the mobile devices (Figure 1 , column 6 line 64 - 
column 7 line 13), wherein the Certificate Authority (CA), transmits a certificate 
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specifying that the Service Provider (secondary provisioning server) is allowed to 
perform certain function; 

using the primary provisioning server to provision a digital certificate of a 
secondary provisioning server in the mobile devices, wherein the secondary 
provisioning server is on a second network outside the trusted environment (Figure 1 , 
column 6 line 64 - column 7 line 13), wherein the Certificate Authority (CA), transmits a 
certificate specifying that the Service Provider (secondary provisioning server) is 
allowed to perform certain functions; and 

using the primary provisioning server to provision the mobile devices with 
information indicating to the mobile devices authorization of the secondary provisioning 
server to provision the mobile devices (column 6 lines 1-25, column 6 line 63 - column 
7 line 12), wherein the certificate contains the allowable functionality that the secondary 
provisioning server is allowed to perform on the mobile device. 

Claim 21 is rejected as applied above in rejecting claim 20. Furthermore, Penders 
discloses: 

A method as recited in claim 20, wherein the primary and secondary provisioning 
servers each use their respective digital certificates when provisioning the mobile 
devices, to enable the mobile devices to authenticate provisioning messages from the 
primary and secondary provisioning servers (column 6 lines 1-25, column 6 line 63 - 
column 7 line 12), wherein the certificate contains the allowable functionality that the 
secondary provisioning server is allowed to perform on the mobile device. 
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Claim 22 is rejected as applied above in rejecting claim 20. Furthermore, Penders 
discloses: 

A method as recited in claim 20, further comprising using the primary 
provisioning server to specify one or more parameters which the secondary provisioning 
server is authorized to provision in the mobile devices (column 6 lines 1-25, column 6 
line 63 - column 7 line 12), wherein the certificate contains the allowable functionality 
that the secondary provisioning server is allowed to perform on the mobile device. 

Claim 23 is rejected as applied above in rejecting claim 20. Furthermore, Penders 
discloses: 

A method as recited in claim 20, further comprising using the primary 
provisioning server to provision the mobile devices with information indicating 
authorization of a plurality of secondary provisioning servers to provision the mobile 
devices (column 6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the 
certificate contains the allowable functionality that the secondary provisioning server is 
allowed to perform on the mobile device, and wherein there can be more than one 
service provider (column 5 lines 5-13). 

Claim 24 is rejected as applied above in rejecting claim 23. Furthermore, Penders 
discloses: 
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A method as recited in claim 23, further comprising using the primary 
provisioning server to specify one or more parameters which each of the secondary 
provisioning servers is authorized to provision in the mobile devices (column 6 lines 1- 
25, column 6 line 63 - column 7 line 12), wherein'the certificate contains the allowable 
functionality that the secondary provisioning server is allowed to perform on the mobile 
device. 

Claim 25 is rejected as applied above in rejecting claim 24. Furthermore, Penders 
discloses: 

A method as recited in claim 24, wherein said using the primary provisioning 
server to specify one or more parameters comprises assigning each of the secondary 
provisioning servers provisioning authorization of a different scope (column 6 lines 1-25, 
column 6 line 63 - column 7 line 12), wherein the certificate contains the allowable 
functionality that the secondary provisioning server is allowed to perform on the mobile 
device, wherein the functions can be different between different service providers 
(column 5 lines 44-61). 

Claim 26 is rejected as applied above in rejecting claim 20. Furthermore, Penders 
discloses: 

A method as recited in claim 20, wherein the primary provisioning server has 
unrestricted authorization to provision the mobile devices, and authorization of the 
secondary provisioning server to provision the mobile devices is regulated by the 
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primary provisioning server (column 6 lines 1-25, column 6 line 63 - column 7 line 12), 
wherein the certificate contains the allowable functionality that the secondary 
provisioning server is allowed to perform on the mobile device, wherein the functions 
can be different between different service providers (column 5 lines 44-61 ). 

Regarding claim 32, Penders discloses: 

A machine-readable program storage medium storing instructions which, when 
executed in a processing system, configure the processing system to operate as a 
primary provisioning server within a predefined trusted environment, the primary 
provisioning server having authorization to provision a plurality of mobile devices on a 
wireless network, such that the instructions configure the processing system to execute 
a process comprising: 

provisioning a digital certificate of the primary provisioning server in each of the 
mobile devices Figure 1 , column 6 line 64 - column 7 line 13), wherein the Certificate 
Authority (CA), transmits a certificate specifying that the Service Provider (secondary 
provisioning server) is allowed to perform certain function; 

provisioning a digital certificate of a secondary provisioning server in the mobile 
devices, wherein the secondary provisioning server operates outside the trusted 
environment (Figure 1 , column 6 line 64 - column 7 line 13), wherein the Certificate 
Authority (CA), transmits a certificate specifying that the Service Provider (secondary 
provisioning server) is allowed to perform certain functions; and 
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provisioning the mobile devices with information indicating to the mobile devices 
authorization of the secondary provisioning server to provision the mobile devices 
(column 6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the certificate 
contains the allowable functionality that the secondary provisioning server is allowed to 
perform on the mobile device. 

Claim 33 is rejected as applied above in rejecting claim 32. Furthermore, Penders 
discloses: 

A machine-readable program storage medium as recited in claim 32, wherein the 
primary and secondary provisioning servers each use their respective digital certificates 
when provisioning the mobile devices, to enable the mobile devices to authenticate 
provisioning messages from the primary, and secondary provisioning servers (column 6 
lines 1-25, column 6 line 63 - column 7 line 12), wherein the certificate contains the 
allowable functionality that the secondary provisioning server is allowed to perform on 
the mobile device. 

Claim 34 is rejected as applied above in rejecting claim 32. Furthermore, Penders 
discloses: 

A machine-readable program storage medium as recited in claim 32, wherein the 
process further comprises specifying one or more parameters which the secondary 
provisioning server is authorized to provision in the mobile devices (column 6 lines 1-25, 
column 6 line 63 - column 7 line 12), wherein the certificate contains the allowable 
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functionality that the secondary provisioning server is allowed to perform on the mobile 
device. 

Claim 35 is rejected as applied above in rejecting claim 32. Furthermore, Penders 
discloses: 

A machine-readable program storage medium as recited in claim 32, wherein the 
process further comprises provisioning the mobile devices with information indicating 
authorization of a plurality of secondary provisioning servers to provision the mobile 
devices (column 6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the 
certificate contains the allowable functionality that the secondary provisioning server is 
allowed to perform on the mobile device. 

Claim 36 is rejected as applied above in rejecting claim 35. Furthermore, Penders 
discloses: 

A machine-readable program storage medium as recited in claim 35, wherein the 
process further comprises specifying one or more parameters which each of the 
secondary provisioning servers is authorized to provision in the mobile devices (column 
6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the certificate contains the 
allowable functionality that the secondary provisioning server is allowed to perform on 
the mobile device. 
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Claim 37 is rejected as applied above in rejecting claim 36. Furthermore, Penders 
discloses: 

A machine-readable program storage medium as recited in claim 36, wherein 
said specifying one or more parameters comprises assigning each of the secondary 
provisioning servers provisioning authorization of a different scope (column 6 lines 1-25, 
column 6 line 63 - column 7 line 12), wherein the certificate contains the allowable 
functionality that the secondary provisioning server is allowed to perform on the mobile 
device, wherein the functions can be different between different service providers 
(column 5 lines 44-61 ). 

Claim 38 is rejected as applied above in rejecting claim 32. Furthermore, Penders 
discloses: 

A machine-readable program storage medium as recited in claim 32, wherein the 
primary provisioning server has unrestricted authorization to provision the mobile 
devices, and authorization of the secondary provisioning server to provision the mobile 
devices is regulated by the primary provisioning server (column 6 lines 1-25, column 6 
line 63 - column 7 line 12), wherein the certificate contains the allowable functionality 
that the secondary provisioning server is allowed to perform on the mobile device, 
wherein the functions can be different between different service providers (column 5 
lines 44-61). 



Regarding claim 40, Penders discloses: 
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A method of operating a mobile device on a wireless network, the method 
comprising: 

receiving a provisioning message from a first trusted provisioning domain (TPD), 
the provisioning message specifying a second TPD and indicating a parameter which 
the second TPD is authorized to provision in the mobile device (column 6 lines 1-25, 
column 6 line 63 - column 7 line 12), wherein the certificate contains the allowable 
functionality that the secondary provisioning server is allowed to perform on the mobile 
device; 

storing information identifying the second TPD and the parameter in response to 
the provisioning message (column 6 lines 1-25, column 6 line 63 - column 7 line 12), 
wherein the certificate contains the allowable functionality that the secondary 
provisioning server is allowed to perform on the mobile device; and 

provisioning the parameter in the mobile device in response to a provisioning 
message from the second TPD (column 7 lines 1-13). 

Claim 41 is rejected as applied above in rejecting claim 40. Furthermore, Penders 
discloses: 

A method as recited in claim 40, wherein the first TPD is within a trusted 
environment, and the second TPD is outside the trusted environment (Figure 1, column 
5 lines 1-14), wherein the certificate authority is connected via a telecommunications 
network to the terminal and the Service Provider. 
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Claim 42 is rejected as applied above in rejecting claim 41. Furthermore, Penders 
discloses: 

A method as recited in claim 41 , further comprising: 

receiving a digital certificate of the second TPD from the first TPD (column 6 lines 
1-25, column 6 line 63 - column 7 line 12), wherein the certificate contains the allowable 
functionality that the secondary provisioning server is allowed to perform on the mobile 
device; and 

using the digital certificate in the mobile device to authenticate the provisioning 
message from the second TPD (column 6 lines 1-25, column 6 line 63 - column 7 line 
12), wherein the certificate contains the allowable functionality that the secondary 
provisioning server is allowed to perform on the mobile device. 

Claim 43 is rejected as applied above in rejecting claim 40. Furthermore, Penders 
discloses: 

A method as recited in claim 40, wherein the provisioning message specifies a 
plurality of secondary TPDs and a parameter which each of the secondary TPDs is 
authorized to provision in the mobile device, the method further comprising storing 
information identifying each of the secondary TPDs and the corresponding parameters 
in response to the provisioning message (column 6 lines 1-25, column 6 line 63 - 
column 7 line 12), wherein the certificate contains the allowable functionality that the 
secondary provisioning server is allowed to perform on the mobile device, wherein the 
functions can be different between different service providers (column 5 lines 44-61). 
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Regarding claim 44, Penders discloses: 

A method of operating a mobile device on a wireless network, the method 
comprising: 

receiving a provisioning message from a remote source, the provisioning 
message specifying a parameter (Figure 1, column 6 line 64 - column 7 line 13), 
wherein the Certificate Authority (CA), transmits a certificate specifying that the Service 
Provider (secondary provisioning server) is allowed to perform certain functions; 

determining whether the remote source is a primary trusted provisioning domain 
(TPD) (Figure 1 , column 6 line 64 - column 7 line 13), wherein the Certificate Authority 
(CA), transmits a certificate specifying that the Service Provider (secondary provisioning 
server) is allowed to perform certain functions; 

if the remote source is the primary TPD, provisioning the parameter in the mobile 
device in response to the provisioning message (column 6 lines 1-25, column 6 line 63 
- column 7 line 12); 

if the remote source is not the primary TPD, determining whether the remote 
source is a secondary TPD authorized to provision the parameter, based on a 
provisioning authorization previously received by the mobile device from the primary 
TPD (column 6 lines 1-25, column 6 line 63 - column 7 line 12); and 

if the remote source is a secondary TPD authorized to provision the parameter, 
provisioning the parameter in the mobile device in response to the provisioning 
message (column 7 lines 1-13). 
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Claim 45 is rejected as applied above in rejecting claim 44. Furthermore, Penders 
discloses: 

A method as recited in claim 44, wherein the primary TPD operates within a 
trusted environment, and the secondary TPD operates outside the trusted environment 
(Figure 1, column 5 lines 1-14), wherein the certificate authority is connected via a 
telecommunications network to the terminal and the Service Provider. 

Claim 46 is rejected as applied above in rejecting claim 44. Furthermore, Penders 
discloses: 

A method as recited in claim 44, further comprising: 

receiving a digital certificate of the secondary TPD from the primary TPD (Figure 
1 , column 6 line 64 - column 7 line 13), wherein the Certificate Authority (CA), transmits 
a certificate specifying that the Service Provider (secondary provisioning server) is 
allowed to perform certain functions; and 

using the digital certificate in the mobile device to authenticate the provisioning 
message (column 6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the 
certificate contains the allowable functionality that the secondary provisioning server is 
allowed to perform on the mobile device. 

Claim 47 is rejected as applied above in rejecting claim 44. Furthermore, Penders 
discloses: 
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A method as recited in claim 44, wherein the provisioning message specifies a 
plurality of secondary TPDs and a parameter which each of the secondary TPDs is 
authorized to provision in the mobile device, the method further comprising storing 
information identifying each of the secondary TPDs and the corresponding parameters 
in response to the provisioning message (column 6 lines 17-25). 

Regarding claim 48, Penders discloses: 

A mobile device configured to operate on a wireless network, the mobile device 
comprising: 

a processor (column 3 lines 12-20); 

a data communication device coupled to the processor to communicate data with 
one or more remote systems via the wireless network (column 5 lines 1-13); and 

a memory coupled to the processor and storing instructions for execution by the 
processor to configure the mobile device to execute a process comprising: 

receiving a provisioning message from a first trusted provisioning domain (TPD) 
via the wireless network, the provisioning message specifying a second TPD and 
indicating a parameter which the second TPD is authorized to provision in the mobile 
device (Figure 1, column 6 line 64 - column 7 line 13), wherein the Certificate Authority 
(CA), transmits a certificate specifying that the Service Provider (secondary provisioning 
server) is allowed to perform certain functions; 

storing information identifying the second TPD and the parameter in response to 
the provisioning message (column 6 lines 17-25); and 
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provisioning the parameter in the mobile device in response to a provisioning 
message from the second TPD (column 7 lines 1-13). 

Claim 49 is rejected as applied above in rejecting claim 48. Furthermore, Penders 
discloses: 

A mobile device as recited in claim 48, wherein the first TPD is within a trusted 
environment, and the second TPD is outside the trusted environment (Figure 1, column 
5 lines 1-14), wherein the certificate authority is connected via a telecommunications 
network to the terminal' and the Service Provider. 

Claim 50 is rejected as applied above in rejecting claim 49. Furthermore, Penders 
discloses: 

A mobile device as recited in claim 49, wherein the process further comprises: 
receiving a digital certificate of the second TPD from the first TPD (Figure 1 , 
column 6 line 64 - column 7 line 13), wherein the Certificate Authority (CA), transmits a 
certificate specifying that the Service Provider (secondary provisioning server) is 
allowed to perform certain functions; and 

using the digital certificate in the mobile device to authenticate the provisioning 
message from the second TPD (column 6 lines 1-25, column 6 line 63 - column 7 line 
12), wherein the certificate contains the allowable functionality that the secondary 
provisioning server is allowed to perform on the mobile device. 
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Claim 51 is rejected as applied above in rejecting claim 48. Furthermore, Penders 
discloses: 

A mobile device as recited in claim 48, wherein the provisioning message 
specifies a plurality of secondary TPDs and a parameter which each of the secondary 
TPDs is authorized to provision in the mobile device, and wherein the process further 
comprises storing information identifying each of the secondary TPDs and the 
corresponding parameters in response to the provisioning message (column 6 lines 17- 
25). 

Regarding claim 52, Penders discloses: 

A mobile device configured to operate on a wireless network, the mobile device 
comprising: 

a processor (column 3 lines 12-20); 

a data communication device coupled to the processor to communicate data with 
one or more remote systems via the wireless network (column 5 lines 1-13); and 

a memory coupled to the processor and storing instructions for execution by the 
processor to configure the mobile device to execute a process comprising 

receiving a provisioning message from a remote source, the provisioning 
message specifying a parameter (Figure 1 , column 6 line 64 - column 7 line 13), 
wherein the Certificate Authority (CA), transmits a certificate specifying that the Service 
Provider (secondary provisioning server) is allowed to perform certain functions; 
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determining whether the remote source is a primary trusted provisioning domain 
(TPD) (Figure 1, column 6 line 64 - column 7 line 13), wherein the Certificate Authority 
(CA), transmits a certificate specifying that the Service Provider (secondary provisioning 
server) is allowed to perform certain functions; 

if the remote source is the primary TPD, provisioning the parameter in the mobile 
device in response to the provisioning message (column 6 lines 1-25, column 6 line 63 
- column 7 line 12); 

if the remote source is not the primary TPD, determining whether the remote 
source is a secondary TPD authorized to provision the parameter, based on a 
provisioning authorization previously received by the mobile device from the primary 
TPD (column 6 lines 1-25, column 6 line 63 - column 7 line 12); and 

if the remote source is a secondary TPD authorized to provision the parameter, 
provisioning the parameter in the mobile device in response to the provisioning 
message (column 7 lines 1-13). 

Claim 53 is rejected as applied above in rejecting claim 52. Furthermore, Penders 
discloses: 

A mobile device as recited in claim 52, wherein the primary TPD operates within 
a trusted environment, and the secondary TPD operates outside the trusted 
environment (Figure 1, column 5 lines 1-14), wherein the certificate authority is 
connected via a telecommunications network to the terminal and the Service Provider. 
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Claim 54 is rejected as applied above in rejecting claim 52. Furthermore, Penders 
discloses: 

A mobile device as recited in claim 52, wherein the process further comprises: 
receiving a digital certificate of the secondary TPD from the primary TPD (Figure 
1 , column 6 line 64 - column 7 line 13), wherein the Certificate Authority (CA), transmits 
a certificate specifying that the Service Provider (secondary provisioning server) is 
allowed to perform certain functions; and 

using the digital certificate in the mobile device to authenticate the provisioning 
message (column 6 lines 1-25, column 6 line 63 - column 7 line 12), wherein the 
certificate contains the allowable functionality that the secondary provisioning server is 
allowed to perform on the mobile device. 

Claim 55 is rejected as applied above in rejecting claim 52. Furthermore, Penders 
discloses: 

A mobile device as recited in claim 52, wherein the provisioning message 
specifies a plurality of secondary TPDs and a parameter which each of the secondary 
TPDs is authorized to provision in the mobile device, and wherein the process further 
comprises storing information identifying each of the secondary TPDs and the 
corresponding parameters in response to the provisioning message (column 6 lines 17- 
25). 
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